archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

use MDB2's escape instead of mysql_escape

Browse Source
remotes/origin/stable
Robin 14 years ago
parent 6668793f4a
commit 7b08854f70
2 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File

17
inc/lib_base.php
Unescape Escape View File

@ -474,14 +474,15 @@ class OC_DB {
}
}
static public function createTable($name,$definition){
self::connect();
self::$DBConnection->createTable($name,$definition);
}
static public function createConstraint($table,$name,$definition){
self::connect();
self::$DBConnection->createConstraint($table,$name,$definition);
/**
* escape strings so they can be used in queries
*
* @param string string
* @return string
*/
static function escape($string){
OC_DB::connect();
return self::$DBConnection->escape($string);
}
}

20
inc/lib_user.php
Unescape Escape View File

@ -60,8 +60,8 @@ class OC_USER {
}else{
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
@ -76,8 +76,8 @@ class OC_USER {
public static function login($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
@ -117,7 +117,7 @@ class OC_USER {
*/
public static function creategroup($groupname){
if(OC_USER::getgroupid($groupname)==0){
$groupname=mysql_escape_string($groupname);
$groupname=OC_DB::escape($groupname);
$query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
@ -132,8 +132,8 @@ class OC_USER {
*/
public static function getuserid($username){
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
if(!is_array($result)){
@ -151,7 +151,7 @@ class OC_USER {
*
*/
public static function getgroupid($groupname){
$groupname=mysql_escape_string($groupname);
$groupname=OC_DB::escape($groupname);
$query="SELECT group_id FROM groups WHERE group_name = '$groupname'";
$result=OC_DB::select($query);
if(!is_array($result)){
@ -268,8 +268,8 @@ class OC_USER {
public static function checkpassword($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){

Write Preview
Loading…
Cancel
Save